Truth be told, I have two exercise addictions: yoga and lap swimming. Yoga provides strength and flexibility benefits, while lap swimming gives my cardiovascular system a stellar workout. As with most things in life, you can take lessons learned from one activity and apply them to others – so it is with yoga and cybersecurity. Let’s “dive” in (swimming pun intended).
Here’s the connection. Yoga (Vinyasa, in particular) teaches us to keep an overriding principle in mind as we flow through postures… the breath. By controlling our breathing, we stay centered on our practice, we go deeper in our posture, and we eliminate the anxiety that comes from holding a posture for a period of time.
So it is with cybersecurity. It is absolutely essential that we have a guiding principle or framework for our cybersecurity program. That’s where the CIS Critical Security Controls, NIST 800-171, PCI DSS, or NERC CIP come in. Each provides the guidance we need to improve our effectiveness with the specific tools/levers used to protect our organization and users.
I think there is a connection between a few of the common postures used in every Vinyasa class and cybersecurity.
Downward Facing Dog
This is the “go-to” posture in every class. The reason we find ourselves in “down dog” so often is because it offers SO many benefits. It is the 80/20 rule of yoga.
A few of its benefits include:
- Decrease in back pain by strengthening the entire back and shoulder girdle.
- Decrease in tension and headaches by elongating the cervical spine and neck and relaxing the head.
- Stronger hands, wrists, low-back, hamstrings, calves, and Achilles tendon.
Many cybersecurity implementations have a “go-to” technology that provides the greatest benefit/insight, and very often, that’s a SIEM solution like Splunk or QRadar. Tier 1 security analysts may use the SIEM as their “single pane of glass” because it consolidates and analyzes data from many security tools (e.g. vulnerability, configuration changes, inventory, log events) in one place. Most organizations I talk with have a goal of developing their perfect posture “Downward Dog” for cybersecurity.
For me, this one is tough to hold for a long time (sadly, 1 minute). It looks deceptively easy and straightforward, yet when you try it, you'll find it demands a great deal of flexibility in the shoulders as well as stability in the core and strength in the legs.
Its benefits include:
- Strengthen your thighs, which helps to stabilize your knees.
- Strengthen your lower back and glutes.
- Fire up your core muscles, which leads to improved abdominal strength.
This is truly a “foundational posture” where if you do it well, its benefits are wide-ranging to support other postures. With cybersecurity, look to the CIS CSC and the benefits of the first five (foundational) controls. If you do those well, you reduce the vast majority of cybersecurity risk in the organization.
While I need a bit of concentration to get this one right, and some minor adjustments once I’m there, I don’t find it overly difficult, and it offers benefits such as:
- Concentration – As your arm begins to shake and you ask yourself how long the instructor will ask you to hold the posture, you are forced to concentrate to avoid collapse.
- Builds arm and shoulder strength.
- Stretches and strengthens your wrist.
This posture is more targeted in its benefits than Downward Dog or Chair Pose. It’s mainly focused on the upper body (although there is core involvement). This isn’t always included in a Vinyasa class… maybe every third time I attend a class the instructor includes it.
I see this as important; it’s certainly a common posture, but it offers fewer benefits than the “foundational” postures. In the CIS CSC model, this could be control #8 for Malware Defenses or #9 for Limitation and Control of Network Ports. Definitely important, but you don’t start with it.
There are plenty of parallels in life. Next time you’re in a meeting with someone from “the business” who doesn’t quite understand why you chose to make certain cybersecurity investments over others, test out the yoga analogy.
And remember: no matter what happens, continue to breathe. Ahhhh, doesn’t that feel better? The stress and anxiety just melt away.
You can learn more about Tripwire’s focus on the CIS CSCs here on our website.